Hi,
I am configuring an openldap 2.4.40 on RHEL7 x86_64 and want to enable database checksum. Below please find the steps I am following:
[root@host01 mail]# cat config.ldif dn: cn=config objectClass: olcGlobal cn: config olcConfigFile: /etc/openldap/slapd.conf.bak olcConfigDir: /etc/openldap/slapd.d olcAllows: bind_v2 olcArgsFile: /var/run/openldap/slapd.args olcAttributeOptions: x-hidden lang- olcAuthzPolicy: none olcConcurrency: 0 olcConnMaxPending: 100 olcConnMaxPendingAuth: 1000 olcGentleHUP: FALSE olcIdleTimeout: 0 olcIndexSubstrIfMaxLen: 4 olcIndexSubstrIfMinLen: 2 olcIndexSubstrAnyLen: 4 olcIndexSubstrAnyStep: 2 olcIndexIntLen: 4 olcLocalSSF: 71 olcPidFile: /var/run/openldap/slapd.pid olcReadOnly: FALSE olcReverseLookup: FALSE olcSaslSecProps: noplain,noanonymous olcSockbufMaxIncoming: 262143 olcSockbufMaxIncomingAuth: 16777215 olcThreads: 16 olcTLSCACertificatePath: /etc/openldap/certs olcTLSCertificateFile: "OpenLDAP Server" olcTLSCertificateKeyFile: /etc/openldap/certs/password olcTLSVerifyClient: never olcToolThreads: 1 olcWriteTimeout: 0 structuralObjectClass: olcGlobal
dn: cn=schema,cn=config objectClass: olcSchemaConfig cn: schema
include: file:///etc/openldap/schema/core.ldif include: file:///etc/openldap/schema/cosine.ldif include: file:///etc/openldap/schema/inetorgperson.ldif include: file:///etc/openldap/schema/nis.ldif
dn: olcDatabase={-1}frontend,cn=config objectClass: olcDatabaseConfig objectClass: olcFrontendConfig olcDatabase: {-1}frontend olcAddContentAcl: TRUE olcAccess: to attrs=name;x-hidden by * =cs olcAccess: to attrs=userPassword by * auth olcAccess: to * by * read olcLastMod: TRUE olcMaxDerefDepth: 0 olcReadOnly: FALSE olcSchemaDN: cn=Subschema olcSyncUseSubentry: FALSE olcMonitoring: FALSE structuralObjectClass: olcDatabaseConfig
dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none olcAddContentAcl: TRUE olcRootPW: {SSHA}C6JfIRI6XajtZcjabtSJZyi1rArPsy1j olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootDN: cn=config olcSyncUseSubentry: FALSE olcMonitoring: FALSE structuralObjectClass: olcDatabaseConfig
dn: olcDatabase={1}monitor,cn=config objectClass: olcDatabaseConfig olcDatabase: {1}monitor olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=manager,dc=example,dc=com" read by * none olcAddContentAcl: FALSE olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcSyncUseSubentry: FALSE olcMonitoring: FALSE structuralObjectClass: olcDatabaseConfig
dn: olcDatabase={2}hdb,cn=config objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=manager,dc=example,dc=com" write by * none olcAccess: {1} to dn.base="" by * read olcAccess: {2} to * by self write by dn="cn=manager,dc=example,dc=com" write by * read olcAddContentAcl: FALSE olcDatabase: {2}hdb olcDbCacheFree: 1 olcDbCacheSize: 1000 olcDbCheckpoint: 512 15 olcDbChecksum: true olcDbConfig: {0}set_cachesize 0 2097152 0 olcDbConfig: {1}set_lk_max_objects 3000 olcDbConfig: {2}set_lk_max_locks 1500 olcDbConfig: {3}set_lk_max_lockers 1500 olcDbDirectory: /var/lib/ldap olcDbDirtyRead: FALSE olcDbDNcacheSize: 0 olcDbIDLcacheSize: 3000 olcDbIndex: cn,sn,mail pres,eq,approx,sub olcDbIndex: objectClass eq olcDbLinearIndex: FALSE olcDbMode: 0600 olcDbNoSync: FALSE olcDbSearchStack: 16 olcDbShmKey: 0 olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootDN: cn=manager,dc=example,dc=com olcRootPW: {SSHA}C6JfIRI6XajtZcjabtSJZyi1rArPsy1j olcSuffix: dc=example,dc=com structuralObjectClass: olcHdbConfig [root@host01 mail]#
[root@host01 mail]# slapadd -v -F slapd.d -n 0 -l config.ldif added: "cn=config" (00000001) added: "cn=schema,cn=config" (00000001) added: "cn={0}core,cn=schema,cn=config" (00000001) added: "cn={1}cosine,cn=schema,cn=config" (00000001) added: "cn={2}inetorgperson,cn=schema,cn=config" (00000001) added: "cn={3}nis,cn=schema,cn=config" (00000001) added: "olcDatabase={-1}frontend,cn=config" (00000001) added: "olcDatabase={0}config,cn=config" (00000001) added: "olcDatabase={1}monitor,cn=config" (00000001) 56617865 Entry (olcDatabase={2}hdb,cn=config), attribute 'olcDbChecksum' not allowed slapadd: dn="olcDatabase={2}hdb,cn=config" (line=1079): (65) attribute 'olcDbChecksum' not allowed _#################### 100.00% eta none elapsed none fast! Closing DB... [root@host01 mail]#
From the github sources
back-bdb/config.c 78 { "checksum", NULL, 1, 2, 0, ARG_ON_OFF|ARG_MAGIC|BDB_CHECKSUM, 79 bdb_cf_gen, "( OLcfgDbAt:1.16 NAME 'olcDbChecksum' " 80 "DESC 'Enable database checksum validation' "
I tried olcDbChecksum: true, olcDbChecksum: TRUE, olcDbChecksum: 1, olcDbChecksum: ON without any success.
Do you have any ideas on how I get around this ?
Regards Kenneth